Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft

Paul Wouters <paul@nohats.ca> Wed, 29 April 2020 14:47 UTC

Date: Wed, 29 Apr 2020 10:47:05 -0400
From: Paul Wouters <paul@nohats.ca>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
cc: Valery Smyslov <smyslov.ietf@gmail.com>, "ipsec@ietf.org WG" <ipsec@ietf.org>
In-Reply-To: <53F12987-8F6B-46B7-831C-A4185E2B3805@apple.com>
Message-ID: <alpine.LRH.2.21.2004291046030.20702@bofh.nohats.ca>
References: <0b5201d61d43$0f16dfe0$2d449fa0$@gmail.com> <53F12987-8F6B-46B7-831C-A4185E2B3805@apple.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/OiX9eJccp2cekmvsHgQVXQMYq9E>
Subject: Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>

On Wed, 29 Apr 2020, Tommy Pauly wrote:

> Thanks for bringing this up again. Would you be interested in making this an RFC8229bis instead? I think it would be most useful for an implementer to fold some of these clarifications into the main text itself. How do you feel about that?

That might be better. We have also been working on the Linux and
libreswan code for this, and have also gotten into a few corner
cases that might be good to explain to the implementors.

Paul